Cryptography is a complex and confusing subject. In this session we'll distill PHP encryption down to its essential drivers. You'll learn what makes cryptography weak and strong. You'll learn the important questions to ask when making decisions regarding modules and libraries. This session won’t make you a cryptography expert but it will give you the knowledge necessary to protect your software from attack. No prior knowledge of cryptography is required for this session.

1. @adam_englander
Cryptography for Beginners
Adam Englander
Software Architect, iovation

2. @adam_englander
I am a Virtual Crime Fighter

3. @adam_englander
I am a lover of PHP

4. @adam_englander
I Am Not…
• … a security researcher
• … a cryptographer
• … a mathematician

5. @adam_englander
What To Expect
• Gain a working understanding of common
terms used in cryptography.
• Understand the key drivers for choosing
cryptography methodologies, algorithms and
strengths.
• Know which PHP modules to use.

6. @adam_englander
What Not to Expect
• Deep dive into algorithms
• A lot of comparison between algorithms and
implementations
• Become a cryptography expert

7. @adam_englander
What Is Cryptography?
Cryptography…is the practice and study of
techniques for secure communication in
the presence of third parties called
adversaries.
Wikipedia

8. @adam_englander
My Definition of Cryptography
Cryptography obscures data in such a way
that it is difficult and costly to duplicate
or reverse.

9. @adam_englander
How do you make it difficult?

10. @adam_englander
–Oxford Dictionary
Entropy:
Lack of order or predictability; gradual
decline into disorder.”

11. @adam_englander
The greater the entropy; the
greater the difficulty.

12. @adam_englander

13. @adam_englander
Achieving Maximum Entropy
• Use Cryptographically Secure Pseudo-Random Number
Generators (CSPRNG).
• Salts add global randomness to hashing.
• Feedback loops add local randomness to block ciphers.
• Initialization Vectors add global randomness to block
ciphers.
• Some ciphers introduce randomness with padding.

14. @adam_englander
Local vs Global Entropy
Local entropy is
entropy with a
singular pice of data
within a larger
system.
Global entropy is
entropy of the same
or similar data across
the entirety of a larger
system.

15. @adam_englander
How Random Is Random?
• It turns out it can be quite random as long as you
use the correct tools.
• Since PHP7, CSPRNG extension provides platform
independent cryptographically secure pseudo-
random data.
• Until you move to PHP7, paragonie/random_compat
package will give you the same functionality.

16. @adam_englander
How do you make it expensive?

17. @adam_englander
Algorithms that are difficult to
crack with brute force

18. @adam_englander

19. @adam_englander

20. @adam_englander

21. @adam_englander

22. @adam_englander
What Contributes to Cost?
Secrets
Computation
Entropy

23. @adam_englander
Computational Cost
• Complexity of algorithm increases cost.
• Key length increases cost.
• Some algorithms specifically target memory
and thread utilization to increase cost.
• Feedback loops increase cost.

24. @adam_englander
Cryptography is based on
ciphers

25. @adam_englander

26. @adam_englander

27. @adam_englander
Encryption Signatures
Key Derivation Hashing

28. @adam_englander
Encryption

29. @adam_englander
Asymmetric Encryption
• Based on very large
prime numbers
• Computationally
expensive
• Padding for entropy
• Cannot encrypt data
larger the the key

30. @adam_englander
Asymmetric Key Cryptography
• RSA and DSA are available in PHP. Use RSA.
• Uses very large prime integers
• Very computationally expensive
• Uses key pairs to protect secret

31. @adam_englander
Super Duper Secret
• Private key can do encrypt, decrypt, sign, and
verify signature
• Public key does not have enough data to
decrypt or sign. Can only encrypt and verify
signature

32. @adam_englander
Key Size and Hash Algorithm
• Current minimum recommend key size is 2048
• SHA1 is considered safe but SHA-256 is better

33. @adam_englander
Data Limitations
• RSA can only encrypt or sign data up to the
length of the key size
• Signatures use hashing
• Crypto often mixed with symmetric key
cryptography

34. @adam_englander
Padding
• Padding is how RSA creates additional
entropy
• Use Optimal Asymmetric Encryption Padding
(OAEP)
• Do not use PKCS1-V1_5 as it is no longer
considered cryptographically secure

35. @adam_englander
Symmetric Encryption
• Uses small shared key
• Has modes for
encrypting data larger
than the key
• Fast encryption
• Uses initialization vector
and key for entropy

36. Block Cipher Modes
DO NOT USE Electronic Cookbook (ECB)!!!

37. @adam_englander

38. @adam_englander
Block cipher modes determine how the
blocks of clear text are translated into
cipher text.
What are Block Cipher Modes?

39. @adam_englander
Cipher Block Chaining (CBC)
• Entire message is required for decryption
• Full cipher text block is used as the seed for
the next block

40. @adam_englander
Cipher Block Chaining (CBC)

41. @adam_englander
Galois Counter Mode (GCM)
• Counter based cipher stream
• Entire message is required for decryption
• Encrypts plain text and generates an
authentication code similar to an HMAC
simultaneously that is returned with the IV in
the cipher text

42. @adam_englander
Galois Counter Mode (GCM)

43. @adam_englander
Hashing

44. @adam_englander
Hashes by themselves aren’t very useful!

45. @adam_englander
Signatures

46. @adam_englander
Digital Signature
• Used to verify integrity of data
• Used mostly for data transfer
• Can be used for verifying data at rest
• Can not be reversed but can be reproduced
for verification

47. @adam_englander
Digital Signatures (HMAC)
• Hash-based Message Authentication Code
(HMAC)
• Hashing combined with key
• SHA-256 or better is preferred to ensure
uniqueness

48. @adam_englander
Key Derivation

49. @adam_englander
Key Derivation
• Uses salt for entropy
• Iterates to increase cost
• Can create cost via threads and memory
• Bigger is better!

50. @adam_englander
Which KDF Should I Use?
• argon2i is the new hotness
• scrypt is preferred
• bcrypt is acceptable
• PBKDF2 can be used in a pinch

51. @adam_englander
How Can I Use KDFs?
• PHP has the best package for managing that
PERIOD! Use the password extension. Just
use it!
• For *cough* pre-5.5.0, you can use ircmaxell/
password-compat
• Provides tools for hash upgrades. AWESOME!

52. @adam_englander
And now…an example

53. @adam_englander

54. @adam_englander

55. @adam_englander

56. @adam_englander
Hi Bob, I’m Alice.
Can you hear me?
Bob Alice
Client starts
TCP session by
sending a
synchronized
packet to the
server

57. @adam_englander
Bob Alice
Yes Alice, I can
hear you. Can you
hear me?
Server responds by
sending SYNchronize-
ACKnowledgement
packet to the client

58. @adam_englander
Yes Bob, I can hear
you.
Bob Alice
Client completes
TCP session the
initialization by
sending
ACKnowledge
packet to the
server

59. @adam_englander
This is
conversation
12345. I know
German and
Spanish.
Bob Alice
Client informs the
server the session
requires TLS and
sends the TLS version
number, cipher
settings, public key,
and session-specific
data.

60. @adam_englander
Bob Alice
Let’s use German.
Here’s my ID.
Server chooses
the cipher
settings and
sends
Certificate.

61. @adam_englander
Bob Alice
The
signature on his
ID matches. He’s
Bob.
Client verifies
the server’s
certificate by
verifying the
signature
against the
known
certificate
authority.

62. @adam_englander
Ich denke an
eine Farbe, die Sie
mit gelb zu
machen.
Bob Alice
Client and
server begin a
conversation
that is now
encrypted using
asymmetric
encryption.

63. @adam_englander
The rest of the conversation would
be in German. But, we’ll show it in
English.

64. @adam_englander
I have a color
that makes orange
with yellow with
yellow.
Bob Alice
Session symmetric key
negotiation begins with
client generating a
secret random value
and sending a shared
value and a value
derived from the two.
Alice’s secret is red, the
shared value is yellow,
and the derived value is
orange.

65. @adam_englander
Bob Alice
I have a color
than makes green
with yellow.
The server generates its
own secret random
value and sends a
value derived from it
and the shared value.
Bobs secret is blue, the
shared value is yellow,
and the derived value is
green.

66. @adam_englander
Bob Alice
Our shared color
is purple.
Both determine a
new shared
value based on
combining the
two secret
values.
Alice’s secret is
red. Bob’s secret
is blue. Their
combined
secrets are
purple.

67. @adam_englander
ログイン ページを
教えてください
Bob Alice
Client sends HTTP
request the server
for the login page
using symmetric
encryption with the
newly negotiated
key.

68. @adam_englander
Bob Alice
ここで、ログイン
ページです
Server sends an HTTP
response with the
login page HTML
using symmetric
encryption with the
newly negotiated key
to the client.

69. @adam_englander

70. @adam_englander
Recommendations

71. @adam_englander
Disclaimers
• Although every app is different, commonalities
exist across most applications
• I am only recommending what I know and have
vetted directly or indirectly via my work
experience
• If you think you are different, ask yourself if the
advantages outweigh the risks

72. @adam_englander
Types
• Use RSA asymmetric key cryptography when
transferring data
• Mix with AES and random keys/IVs per transfer
• Use CSPRNG extension/package for keys, salts
and initialization vectors
• Use password extension/package for passwords

73. @adam_englander
Strength
• Use the strongest cryptography you can afford
• AES: aes-256-cbc / sha256 minimum
• RSA: 2048+ PKCS1_OAEP / RSA-SHA256
• Hash until it hurts!

74. @adam_englander
Packages/Libraries
• Use OpenSSL for encryption and digital signatures
• For extreme compatibility, use phpseclib/phpseclib
• Use CSPRNG extension/package for keys, salts
and initialization vectors
• Use password extension/package for passwords

75. @adam_englander
MCrypt
DO NOT USE THIS!
IT IS DEPRECATED!
IF YOU ARE USING THIS. PLAN YOUR
MIGRATION AWAY NOW!

76. @adam_englander
Password Hashing
• password_hash to hash
• password_verify to check password against the
hashed value
• password_needs_rehash to ssh if the hash
needs updated

77. @adam_englander
Hash
• hash_hmac for hashing - sha256 for algorithm

78. @adam_englander
OpenSSL
• AES-CBC or AES-GCM
• RSA for asymmetric encryption
• PBKDF2 for key derivation - not so great

79. @adam_englander
libsodium
• AES-GCM or ChaCha20-Poly1305 for symmetric
encryption including auth tag
• XSalsa20-Poly1305 for asymmetric encryption
• Ed25519 for asymmetric digital signatures
• Blake2b for hashing
• Argon2 and Scrypt KDFs for password hashing

80. @adam_englander
Resources
• https://secure.php.net/manual/en/book.openssl.php
• https://secure.php.net/manual/en/book.csprng.php
• https://secure.php.net/manual/en/
book.password.php
• https://packagist.org/packages/phpseclib/phpseclib
• https://en.wikipedia.org/wiki/Cryptography